discuss AT lists.opennicproject.org
Subject: Discuss mailing list
- From: Éric Boucher <bouchereric0000 AT hotmail.com>
- To: "discuss AT lists.opennicproject.org" <discuss AT lists.opennicproject.org>
- Subject: RE: [opennic-discuss] iptables rules inefficient
- Date: Sat, 1 Jun 2013 04:57:06 -0400
- Importance: Normal
Great try, but I think you forgot about SYNFLOOD...
- Éric
> Date: Fri, 31 May 2013 21:45:58 -0400
> From: weblionx AT gmail.com
> To: discuss AT lists.opennicproject.org
> Subject: Re: [opennic-discuss] iptables rules inefficient
>
> Has anyone ever tried using TCP only for a DNS server? I don't know
> how well clients would handle that, and I know it has some extra
> latency, but if it eliminates the ability to use it for a DDoS it
> seems like it might be something worth trying.
>
> I'm assuming that regular TCP-DNS uses one connection per query. Would
> it be possible to set it up so it kept the connection up for many
> queries, or would that require using a tunnel or rewriting software?
>
> - C
>
> On Fri, May 24, 2013 at 6:40 AM, Psilo <dns AT psilo.org> wrote:
> > Thank you, Jeff, for bringing the conversation back to the topic.
> >
> > Eric: I am simply using the rules mentioned in the wiki pointed to by Jeff.
> >
> > The IRC conversation with the guy that understands nothing about DNS
> > amplification attacks is just useless.
> >
> > Psilo
> >
> >
> > On Friday, May 24, 2013, Jeff Taylor wrote:
> >
> >> We have a collection of rules posted here:
> >> http://wiki.opennicproject.org/Tier2Security
> >>
> >>
> >> On 05/23/2013 09:43 AM, Éric Boucher wrote:
> >>
> >> These are great changes... May I ask for your rules so I can add them to
> >> mine?
> >>
> >> Thanks,
> >> Éric
> >>
> >>
> >
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org